Air Traffic control data found on eBayed network gear
A switch with networking configurations and passwords for the UK traffic control centre was offered for sale on eBay, raising serious security concerns.
The £20 Cisco Catalyst switch was bought by security consultant Michael Kemp, co-founder at Xiphos Research Labs, who quickly discovered that it has been used at the National Air Traffic Services (NATS) centre in Prestwick by contractor Serco. Data on the switch included supervisor credentials, internal VLAN and other networking configurations and upstream switch addresses as well as domains, gateways and syslogs.
"For twenty quid, I have got full switching details (and creds) for a switch that was in use (managed by Serco) two years ago to help keep planes in the air at Prestwick," Kemp explained. "Obviously this is a security fail, especially as the seller had 13 of the units that may well have come from the same estate."
A screenshot from of the configuration screen of the kit bought by Kemp, with Serco branding clearly visible, can be found here.
Full Story here